Category: Cloud Computing

Tech Tip – Timeline For Windows 10

Posted on by Rob Burdett

Currently being tested and likely to come out soon in an update is a browser history for your Windows desktop known as ‘Timeline’. This feature will allow you to search through files, apps and sites you’ve previously had open, and jump back and pick up what you were doing.

What’s more, it will extend to PCs, Android handsets and iPhones running Microsoft’s Cortana. This means that you will be able to resume what you were doing on another device. Cortana will also suggest tasks to continue.

How it will work:

  • An icon will be added (bottom left, next to search) on the Windows 10 desktop.
  • Clicking the icon will show the running applications.
  • Timeline activities will be displayed below this, plus a vertical dated timeline will be shown on the right hand side of the screen. You will be able to see activities you were working on in the past, and quickly click back to them.

Keep an eye out for this helpful feature in the next update.

Military Bases Exposed By Fitness App

Posted on by Rob Burdett

A user activity ‘heat map’ published by fitness tracker Strava has unwittingly revealed the location and structure of military bases in other countries.

How?

The app, made by San Francisco-based Strava, uses a mobile phone’s GPS to track a subscriber’s exercise activity. Although the new version of the app, introduced in November last year, is reported to be built from a billion activities – three trillion points of data, covering 27 billion km (17bn miles) of distance run, jogged or swum, the data used to produce a ‘heatmap’ of user activity is not live data.

The latest heatmap published by the company, showing the paths its users log as they run or cycle, is intended to show the app’s popularity and is actually made from aggregated data from activities recorded between 2015 and September 2017.

Revealed

Unfortunately for Strava, since military personnel engage in regular exercise, and are generally limited to following the same exercise routes in or close to the base where they are stationed, Strava’s heatmap of user activity reveals the outline of military bases and the most popular routes taken by the soldiers there.

Danger

Even though the location and outline of many military bases are already known from satellite imagery, the heatmap from the app exposes the regular routes taken by soldiers when they are most likely not armed and at their most vulnerable. Also, the heatmap could expose the routes taken by other personnel such as aid workers and NGO staffers in more remote areas. All of this could mean that the app is exposing soldiers and other personnel to danger from attack or kidnap by state and non-state actors e.g. in countries such as Syria, Yemen, Niger, Afghanistan or Djibouti.

There is also a danger that hackers could access Strava’s database and find the details of individual users.

UK Personnel at Risk Too

Even though Strava is a US app, it has also been reported that user activity at the UK’s RAF base at Mount Pleasant in the Falkland Islands was also exposed by the app’s heatmap.

Privacy Settings

Privacy settings do exist on the app but the onus is on the user to explicitly opt out of data collection for the heatmap.

US Already Takes Measures To Protect

The US government already takes measures to guard against similar risks to those posed by the app heatmap. For example, it has already published a tract called Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD, and in 2016, banned Pokémon GO from government-issued mobile phones.

What Does This Mean For Your Business?

This is not the first time that the negative aspects of fitness-tracking device companies and their activities have been featured in the news i.e. that the devices are transmitters as well as recorders of data about us. Back in February 2016, a study by a Canadian research team revealed that popular types of fitness trackers actually transmit a signal via bluetooth that could act as an ‘identifier’ signal that could be picked up by beacons that are now being used by retail stores and shopping centres to track, recognise and profile customers.

In the case of Strava, although the company could be forgiven to an extent because of the relatively unforeseen risk that its activities may have caused, there is an argument that a better approach would be to make the device opt-out by default, and to give users the choice to opt-in should they wish to. It may also have been better to avoid publishing any heatmaps, and to simply publish some statistics instead.

In addition to the possible risk to the life of service personnel (and others) that the map has caused, it has also highlighted other important issues relating to fitness-tracking devices and consumer protection e.g. data protection and privacy implications, the risk of hacking the devices, and the need for greater transparency about what is stored and transmitted by the devices.

Companies producing devices that store and transmit personal data need to ensure that they comply with data protection laws, and that they are mindful of potential identifiers and other security risks.

Tech Tip: Windows 10 – Create Multiple Desktops

Posted on by Rob Burdett

If your work involves having different jobs that need different sets of apps, or if you need to have lots of different things open and you only have one monitor, you may find that it helps to create multiple desktops.

To create multiple desktops:

  • Click on the task view button next to the search bar on the taskbar.
  • Go to the button at the bottom-right corner of your screen labelled ‘+ New desktop.’
  • Click on this to create a new desktop.
  • To switch between desktops, click on the task view button and then, click on either of the thumbnails at the foot of the screen.

10% of Cryptocurrency ICOs Are Stolen

Posted on by Rob Burdett

A report by Ernst & Young has highlighted the fact that 10% of all funds raised through Initial Coin Offerings (ICOs) are stolen by hackers using techniques such as Phishing.

What Is An ICO?

An Initial Coin Offering (ICO) is a controversial way of start-up companies raising money / crowd funding to build new technology platforms or to fund businesses that use crypto currencies (also called tokens), and the underlying blockchain technology. The tokens only become functional units of currency if / when the ICO’s funding goal is met, and the project finally launches.

The controversy about ICOs centres around the fact that, although it is an innovative new source of venture funding, some commentators view ICO projects as unregulated securities that allow their founders to raise an unjustified amounts of capital, and that valuations of ICO tokens may be driven too much by the fear of missing out and, therefore, seem to result in investors rushing to put money into projects that ignore some important market fundamentals, such as project development.

$400 Million Stolen

After analysing more than 372 ICOs, Ernst & Young has reported that approximately $400 million of the total $3.7 billion funds raised to date has been stolen by hackers. The most widely used technique to steal the digital cryptocurrency funds was found to be Phishing, resulting in the theft of $1.5 million in ICO proceeds per month.

ICOs are an opportunity for scammers because they are able to take advantage of the promise of people making a huge return from a relatively low investment.

As well as scammers taking money, the study also found that underlying software code in some projects contains hidden investment terms that have not been disclosed, or that contradict previous disclosures e.g. saying there will be no further issuance of a cryptocurrency, while the code may leave that option open.

Challenges To Reaching Targets For ICOs

The Ernst & Young research shows that the volume of ICOs has been slowing since late 2017, with less than 25% reaching their target in November 2017, compared with 90% in June. Recent ICOs have faced challenges in reaching their targets, a drop in quality i.e. more low quality projects with higher fundraising goals are being presented, and issues from earlier projects are now being highlighted.

Crypto-based investment of choice is therefore waning, organizers and contributors are now facing increased regulatory scrutiny, and they are therefore now under more pressure to prove the longer-term potential of their product or service to an increasingly sceptical audience.

What Does This Mean For Your Business?

A drop in the value of popular cryptocurrency Bitcoin (its value has fallen 12% over 24 hours), added to warnings about investing in cryptocurrencies from the chairman of UBS and warnings by billionaire investor Warren Buffett (who said he would never invest in cryptocurrency), and news reports of scams such as a fake sale con for instant messenger service Telegram to unsuspecting would-be investors have all served as warnings about the risks of cryptocurrencies and of ICOs.

This latest Ernst & Young research has only served to cement that message to businesses and investors, and some commentators now think that ICOs could soon disappear altogether as a viable fundraising option, unless they can address the issue of security urgently and effectively.

Cloud Companies The Next Big Target For Ransomware

Posted on by Rob Burdett

The latest Massachusetts Institute of Technology (MIT) Review has predicted that ransomware targeting cloud services will be one of the biggest cyber-crime threats of this year.

What Is Ransomware?

Ransomware is a form of malware that typically encrypts important files on the victim’s computer. The victim is then given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway, and paying the ransom does not guarantee that any files will be released.

Huge Data Sources

One of the main reasons why the MIT puts the ransomware aimed at cloud services in the top 6 cyber threats for 2018 is because attacking a single cloud services company can give criminals access to huge amounts of data being stored and handled for multiple companies and organisations.

The MIT predictions, however, point to smaller, more vulnerable cloud providers who are more likely to pay as being a more likely target than the apparently well-protected larger CSPs such as Google, Amazon, and IBM.

Other Big Threats For 2018

Other MIT predictions for more common cyber-crime in 2018 include the targeting of electrical grids, transportation systems and other types of national critical infrastructure, cyber-physical attacks to cause disruption and extort money, and the targeting of old systems in transport modes (planes, trains and ships).

Also, another prediction for increased activity is the hijacking of more computing to mine crypto-currencies, and the resulting (potentially devastating) collateral damage if computing resources at hospitals, airports and other similar locations are targeted.

Evolution of Crime and Protection

The last 3 years have seen a rapid evolution of the threat of things like ransomware. 2016 was a huge year for ransomware attacks globally. For example, Kaspersky Labs estimated that in the 3rd quarter of 2016 a ransomware infection occurred every 30 seconds. Intel Security also reported that infections rose by more than a quarter in the first 3 months of the year.

The massive WannaCry ransomware attack of spring 2017 infected the computers of an estimated 300,000 victims in 150 countries worldwide, many of them large, well-known businesses and organisations (including 16 health service organisations in the UK), and has been a massive Internet and data security wake-up call.

Last year also saw AI used by both attackers and defenders, and MIT predicts that 2018 will see greater machine learning models, neural networks and other AI technologies used on a more regular basis by cyber attackers.

What Does This Mean For Your Business?

Cyber attackers are becoming ever-more sophisticated in their attack methods, using the latest technologies, multi-layered attacks, and the use of social engineering. Ransomware is a popular tool because it is often relatively cheap to create and use, it can spread easily (like WannaCry), the attackers can remain anonymous, and it yields the main motivation for many attacks – financial gain. It stands to reason that CSPs would make an ideal target because of the huge amount of data from many companies that is stored with them.

For individual UK businesses and other organisations, it’s a case of always being on the lookout for suspicious emails and updates, keeping security software up to date and regularly backing up critical data. With GDPR due to come into force in May, there is an even greater motivation to pay attention to data and Internet security, and there is a danger and false economy of staying with old operating systems as long as possible.

In order to provide maximum protection against prevalent and varied threats this coming year, businesses should adopt multi-layered security solutions. Businesses should accept that there is a real likelihood that they will be targeted and therefore prepare for this by implementing the most up to date security solutions, virtual patching and education of employees in order to mitigate risks from as many angles (‘vectors’) as possible.

Having workable and well-communicated Disaster Recovery and Business Continuity Plans in place is now also an important requirement.

Tech Tip – Currency Converter In The Calculator

Posted on by Rob Burdett

If you haven’t already spotted it, the Windows 10 Fall Creators update from last year means that a helpful currency converter is built into the calculator on a Windows 10 PC.

The calculator also now includes converters for time, power, and temperature, so you can easily and quickly convert e.g. from Fahrenheit to Celsius and back again. To use it:

  • Open the Calculator.
  • Click on the menu button on the left.
  • Select what you’d like to convert.